Re-establishing Trust in Compromised Systems: Recovering from Rootkits That Trojan the System Call Table
Authors
Abstract
We introduce the notion of re-establishing trust in compromised systems, specifically looking at recovering from kernel-level rootkits. An attacker who has compromised a system will often install a set of tools, known as a rootkit, which breaks trust in the system and serves the attacker with other functionality. One type of rootkit is a kernel-level rootkit, which patches running kernel code with untrusted kernel code. Specifically, current kernel-level rootkits replace trusted system calls with trojaned system calls. Our approach to recovering from this type of rootkit is to extract the system call table from a known-good kernel image and reinstall that system call table into the running kernel. Building on our approach to current-generation rootkits, we discuss future-generation rootkits and address how to recover from them.
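The recovery step the abstract describes, as an added example that is not code from the paper: each entry of the running kernel's system call table is compared against the address recorded for the same symbol in a known-good kernel's System.map, and the entries that differ are listed for reinstallation. The map lines, the index-to-symbol layout and all addresses are constructed sample data; the layout stands in for the kernel's real unistd ordering, which this example assumes is known.

```python
import re

# Constructed sample: System.map-style lines (address, type, symbol) taken from a
# trusted kernel image. Addresses are invented for the example.
KNOWN_GOOD_MAP = """\
c0100000 T sys_read
c0100100 T sys_write
c0100200 T sys_open
c0100300 T sys_getdents
c0100400 T sys_kill
"""

# Constructed sample: assumed index-to-symbol layout of the table (the real
# ordering comes from the kernel's unistd header) and the entries as read from
# the running kernel. Entries 2 and 3 point outside the trusted image, as a
# trojaned table would; entry 5 has no reference symbol at all.
SYSCALL_LAYOUT = ["sys_read", "sys_write", "sys_open", "sys_getdents", "sys_kill", "sys_sysfs"]
RUNNING_TABLE = [0xC0100000, 0xC0100100, 0xD8001000, 0xD8002000, 0xC0100400, 0xC0100500]

MAP_LINE = re.compile(r"^([0-9a-fA-F]+)\s+[TtWw]\s+(\w+)$")


def parse_system_map(text):
    """Return {symbol: address} for the code symbols in System.map-style text."""
    symbols = {}
    for line in text.splitlines():
        m = MAP_LINE.match(line.strip())
        if m:
            symbols[m.group(2)] = int(m.group(1), 16)
    return symbols


def audit_syscall_table(running, layout, known_good):
    """Return (index, symbol, running_addr, trusted_addr) for every entry that
    differs from the trusted image. trusted_addr is None when the reference has
    no entry for that symbol, so that mismatch cannot be repaired from it."""
    findings = []
    for idx, name in enumerate(layout):
        trusted = known_good.get(name)
        if trusted is None or running[idx] != trusted:
            findings.append((idx, name, running[idx], trusted))
    return findings


def restore_plan(findings):
    """Map table index -> trusted address for the entries that can be reinstalled."""
    return {idx: trusted for idx, _, _, trusted in findings if trusted is not None}


if __name__ == "__main__":
    found = audit_syscall_table(RUNNING_TABLE, SYSCALL_LAYOUT, parse_system_map(KNOWN_GOOD_MAP))
    for idx, name, got, want in found:
        want_s = "none" if want is None else f"{want:#x}"
        print(f"[{idx}] {name}: running={got:#x} trusted={want_s}")
    print("reinstall:", restore_plan(found))
```

Entries whose symbol is absent from the reference are reported but left out of the restore plan, since there is no trusted address to write back.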
Journal:
Volume / Issue:
Pages: -
Publication date: 2004